Date: Mon, 18 May 2009 09:57:11 -0400
From: Jerry McAllister <jerrymc@msu.edu>
To: Kelly Jones <kelly.terry.jones@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Backing up FreeBSD and other Unix systems securely
Message-ID: <20090518135711.GB99336@gizmo.acns.msu.edu>
In-Reply-To: <26face530905170912m3ca8b762nd0cfadc7db34da6f@mail.gmail.com>
References: <26face530905170912m3ca8b762nd0cfadc7db34da6f@mail.gmail.com>
On Sun, May 17, 2009 at 09:12:57AM -0700, Kelly Jones wrote:
> I tried using Mozy for backups because they offer unlimited space, but
> 1) they don't support FreeBSD, 2) they encrypt file contents, but NOT
> file names, and 3) they don't do true versioned backups. Easy
> workaround for 1): rsync to a Mac/Windows and backup from there, but
> 2) and 3) are more difficult.
Is there any possibility of using your own media locally - such as
tape or a large USB attached disk? If security is such a primary
concern, I can't see sending the data to that type of offsite thing.
Get a couple of large USB SATAs and use dump(8) to back the stuff up
on them. Write them encrypted if you need.
////jerry
>
> My plan:
>
> % Use "dd if=/dev/random of=mykey" to create a random blowfish key
>
> % Blowfish encrypt mykey with a passphrase only I know. Backup the
> encrypted blowfish key to a remote host.
>
> % Keep track of when I last ran the backup program ("touch
> /some/path/timestamp" at start of run) and only backup files that've
> been modified more recently ("find / -newer /some/path/timestamp").
>
> % To backup "foo.txt", first bzip2 it and encrypt w/ my blowfish key.
>
> % Then, take the sha1 hash of the bzip'd/encrypted file, and backup
> foo.txt to remotehost:/some/path/{sha1 hash}.
>
> % To avoid too many files in one dir, I may backup
> b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to
> remotehost:/some/path/b0/d0/a7/b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593
> for example.
>
> % In an SQLite3 db, record the filename I'm backing up, its
> timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of
> the db on the remote server.
>
> I like this plan because it does versioned backups, and doesn't backup
> identical files twice. I dislike it because I lose Mozy's unlimited
> disk space.
>
> Questions:
>
> % Does this plan seem secure and reasonable?
>
> % Will backing up the 0-byte file this way make it easy to guess my
> blowfish key?
>
> % Is there software that already does this?
>
> % Can this plan be improved?
>
>
> % Does anyone offer unlimited space for Unix backups?
> (safesnaps.com????)
>
> % Any general thoughts/comments on this plan?
>
> --
> We're just a Bunch Of Regular Guys, a collective group that's trying
> to understand and assimilate technology. We feel that resistance to
> new ideas and technology is unwise and ultimately futile.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
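
The storage layout from the quoted plan (hash-named objects in sharded directories, plus an SQLite index of filename, timestamp and hash), as an added Python example that is not part of either message. The dict standing in for the remote host, the table layout and the caller-supplied encrypt function are assumptions; the stand-in used in the demo is not a cipher.

```python
import bz2
import hashlib
import sqlite3

def object_path(digest, root="/some/path"):
    """Shard by the first three byte pairs: b0/d0/a7/<full sha1>."""
    return "/".join([root, digest[0:2], digest[2:4], digest[4:6], digest])

def open_index(path=":memory:"):
    # Assumed schema: one row per (file, timestamp) version.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS backups ("
               "filename TEXT, mtime INTEGER, sha1 TEXT, "
               "PRIMARY KEY (filename, mtime))")
    return db

def backup_file(db, remote, filename, mtime, data, encrypt):
    """bzip2, encrypt, hash the result, store under the hash, index it.

    `remote` is a dict standing in for the remote host (path -> bytes).
    `encrypt` is caller-supplied; identical files only share one remote
    object if it returns identical output for identical input.
    Returns (sha1 hex digest, True if a new object was uploaded).
    """
    blob = encrypt(bz2.compress(data))
    digest = hashlib.sha1(blob).hexdigest()
    path = object_path(digest)
    uploaded = path not in remote
    if uploaded:
        remote[path] = blob
    db.execute("INSERT OR REPLACE INTO backups VALUES (?, ?, ?)",
               (filename, mtime, digest))
    db.commit()
    return digest, uploaded

def versions(db, filename):
    """All recorded versions of a file, oldest first, as (mtime, sha1)."""
    return db.execute("SELECT mtime, sha1 FROM backups WHERE filename = ? "
                      "ORDER BY mtime", (filename,)).fetchall()

if __name__ == "__main__":
    # Constructed demo; the stand-in below is NOT encryption.
    stand_in = lambda b: b[::-1]
    db, remote = open_index(), {}
    print(backup_file(db, remote, "/etc/foo.txt", 1, b"v1\n", stand_in))
    print(backup_file(db, remote, "/tmp/copy.txt", 1, b"v1\n", stand_in))
    print(backup_file(db, remote, "/etc/foo.txt", 2, b"v2\n", stand_in))
    print(versions(db, "/etc/foo.txt"), len(remote))
```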
